CSRF Vulnerability in WP Smiley Plugin 1.4.1 for WordPress Allows Remote XSS Attacks

CSRF Vulnerability in WP Smiley Plugin 1.4.1 for WordPress Allows Remote XSS Attacks

CVE-2015-4140 · MEDIUM Severity

AV:N/AC:M/AU:N/C:P/I:P/A:P

Cross-site request forgery (CSRF) vulnerability in the WP Smiley plugin 1.4.1 for WordPress allows remote attackers to hijack the authentication of editors for requests that conduct cross-site scripting (XSS) attacks via the s4w-more parameter to the smilies4wp.php page to wp-admin/options-general.php.

Learn more about our Wordpress Pen Testing.